IETF-SSH archive

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index][Old Index]

Re: GSS-API SRP mech (was Re: retrying keyex ...)

To: ietf-ssh%NetBSD.org@localhost
Subject: Re: GSS-API SRP mech (was Re: retrying keyex ...)
From: Markus Friedl <markus%openbsd.org@localhost>
Date: Fri, 18 Jul 2003 09:36:27 +0200

On Thu, Jul 17, 2003 at 12:31:20PM -0700, Tom Wu wrote:
> With the patched OpenSSH, since it includes a 
> hash of the public key inside the SRP verification messages, it would 
> cause authentication to fail, thwarting the MITM attack.

I don't see how this is an improvement over pubkey auth, since
it allows you to detect a MITM attack as well.

Follow-Ups:
- Re: GSS-API SRP mech (was Re: retrying keyex ...)
  - From: Simon Tatham

References:
- Re: GSS-API SRP mech (was Re: retrying keyex ...)
  - From: Simon Tatham
- Re: GSS-API SRP mech (was Re: retrying keyex ...)
  - From: Tom Wu

Prev by Date: Re: SSH_MSG_KEXGSS_HOSTKEY (was: Re: I-D ACTION:draft-weber-secsh-pkalg-none-00.txt)
Next by Date: Re: GSS-API SRP mech (was Re: retrying keyex ...)
Previous by Thread: Re: GSS-API SRP mech (was Re: retrying keyex ...)
Next by Thread: Re: GSS-API SRP mech (was Re: retrying keyex ...)
Indexes:

Home | Main Index | Thread Index | Old Index